- Description
- WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-89
- Hype score
- Not currently trending
CVE-2025-24902, CVE-2025-24905 & CVE-2025-24957 - A SQL Injection vulnerability was discovered in the WeGIA application. This vulnerability has been addressed in version 3.2.12. https://t.co/24fqp65LZZ https://t.co/sDlDm2ckg4 https://t.co/BPKXREocJX
@GrimmAnalyst
3 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24905 SQL Injection Vulnerability in WeGIA Web Manager 3.2.11 and Below https://t.co/v4SSbwtqkf
@VulmonFeeds
3 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24905 WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. T… https://t.co/K6mQHvXR1C
@CVEnew
3 Feb 2025
476 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-24905: CRITICAL] SQL Injection vulnerability found in WeGIA's `get_codigobarras_cobranca.php`. Upgrade to version 3.2.12 to prevent data breaches. No workarounds available. #cybersecurity#cybersecurity,#vulnerability https://t.co/ayPhBsiSO8 https://t.co/y8KXbQrCH2
@CveFindCom
3 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A421C69D-AB7C-4DC3-B02E-150D6EA2862D",
"versionEndExcluding": "3.2.12"
}
],
"operator": "OR"
}
]
}
]